Is Ad-Aware AE trying to be Mal-Ware


29 replies to this topic

#1 darkgreen

    Member

Posted 27 January 2009 - 05:33 PM

Okay, so the title is a bit aggressive, but it really amazes me how Ad-Aware AE behaves.

Background: I'm trying to disable the automatic startup of Ad-Aware on boot (AKA Ad-Aware Live).
Why? Because I practice safe browsing, rarely pick up anything worse than a cookie, and don't want to slow down my computer.

Step 1: Go to the Ad-Aware live menu and choose not to run it. Unticking all three boxes still results in Ad-Aware running at every start up.

Step 2: I ran msconfig and found the AAWTray task and turned it off - Ad-Aware still starts at every boot up!

Step 3: I went into C:\Program Files\Lavasoft\Ad-Aware and renamed the AAWTray.exe file so that it couldn't be found, and Ad-Aware installed a new copy!!!!

Looks like Ad-Aware is trying hard to qualify as Mal-Ware!

I just want to be able to run Ad-Aware occasionally to clean things up. So please someone tell me, is there any real and known to work method of keeping Ad-Aware from running constantly in the background?

I see other people on these boards having similar problems so I'm curious if a mod can respond. If you think you have a solution make sure to reboot a few times to test it. My "step 3" above lasted through 2 reboots before Ad-Aware reinstalled itself.

I'm really hoping there is a solution.

#2 Sebastian J

    Advanced Member

Posted 27 January 2009 - 05:37 PM

This issue will be fixed in the next software update, if all goes well, it will be released this week.

#3 darkgreen

    Member

Posted 27 January 2009 - 05:46 PM

Ah, I see.

Thank you Lavasoft. I would modify the topic title if I could but I see that a bit of hyperbole at least led to the answer :)

No hard feelings, although you could have posted to one of the other threads on disabling Ad-Aware live (assuming this was known before now).

Cheers

#4 Alicateire

    Newbie

Posted 31 January 2009 - 08:59 PM

> This issue will be fixed in the next software update, if all goes well, it will be released this week.



Eh?

I came back to this forum after a week, and noticed this post with a very similar title to the one I used http://www.lavasofts...showtopic=23208

So someone who actually is "Lavasoft staff" apparently only joined this forum a week ago, and has only made a handful of posts addressing the escalating surprise, frustration, and despair of customers who "upgraded" to this defective product never dreaming the problems it would cause.

In this context, the comment is just baffling :o

#5 darkgreen

    Member

Posted 03 February 2009 - 10:39 PM

> Eh?
>
> I came back to this forum after a week, and noticed this post with a very similar title to the one I used http://www.lavasofts...showtopic=23208
>
> So someone who actually is "Lavasoft staff" apparently only joined this forum a week ago, and has only made a handful of posts addressing the escalating surprise, frustration, and despair of customers who "upgraded" to this defective product never dreaming the problems it would cause.
>
> In this context, the comment is just baffling :D

Hey, I'm just glad that apparently my shamelessly aggressive title phrasing and trial of everything I could think of got us an actual answer from a dev. I don't know why they haven't put this response in the many other threads about this though. Seems like it should be pinned or something (not my topic, necessarily, but something with this response).

#6 Babar

    Former Lavasoft Staff

Posted 03 February 2009 - 11:32 PM

Hi,

See my reply here:

http://www.lavasofts...s...ost&p=95611

Cheers,
Babar

#7 darkgreen

    Member

Posted 12 February 2009 - 11:44 PM

> This issue will be fixed in the next software update, if all goes well, it will be released this week.


It's been a couple weeks and updates have come out, but this problem behavior continues. Can the situation be clarified?

#8 GoddersUK

    Valued Member/ Ad-Aware Beta Tester

Posted 15 February 2009 - 01:02 PM

Turn off scheduled scans, automatic updates and AdWatch.

Then right click the tray icon and click exit.
If you are a paying user (Plus/Pro License) you should visit the Lavasoft Support Centre.

If you need help to remove an infection:

Read this first. Follow ALL the steps in it. If you do not then you will just be asked to go away and do so.
Then post your HJT log (copy and paste, don't attach) into a NEW topic in the HJT Log Forum
Await advice from either a Volunteer Security Advisor or a member of Lavasoft staff.


If you see anyone other than a VSA or Lavasoft staff member giving advice in the HijackThis forum please PM a mod.


DO NOT POST HJT LOGS IN ANY FORUM OTHER THAN THE OFFICIAL HJT LOG FORUM. We will be unable to deal with them there and will just tell you to go to the right place.


Please do NOT bump HijackThis log posts, it won't help you receive help any faster - the VSAs look for posts with zero replies. If after one week you have not received a response please repost your log file in a NEW thread.

#9 darkgreen

    Member

Posted 16 February 2009 - 08:52 PM

> Turn off scheduled scans, automatic updates and AdWatch.
>
> Then right click the tray icon and click exit.


Yes, that's step 1. Then step 2 and three involve removing it from startup and renaming the file. It still comes back after a few days. Actually the duration before return seems to vary, maybe I'm not starting my computer the same number of times each day.

#10 Win_Blameless

    Newbie

Posted 16 February 2009 - 11:20 PM

Possible AAWTray.exe PERMANENT DEACTIVATION?

> Yes, that's step 1. Then step 2 and three involve removing it from startup and renaming the file. It still comes back after a few days. Actually the duration before return seems to vary, maybe I'm not starting my computer the same number of times each day.

Yeah the latest "fix" has failed for me too - the AAWTray.exe tray icon now pops back up randomly (i.e. not directly after boot up OR without executing Ad-Aware the program itself) after a few days EVEN after following all the latest instructions here ( + rechecking thoroughly each step etc).

Have been trying out all sorts of things to "kill off" AAWTray.exe in Lavasoft/Ad-Aware Program Folder/directory. So far this is working EVEN after UPDATING definitions (when the AAWTray.exe usually gets fully restored automatically).

Basically I just ENCRYPTED the AAWTray.exe file; (First make sure the tray icon is OFF.) Right click on the file. Select Properties. "Attributes" is on the bottom row - click the "Advanced" button at end of the "Attributes" line then tick the box marked "Encrypt contents to secure data". If an "Encryption warning" box pop up appears select the "Encrypt file only option". Finally if you check the appearance of the (unclicked) file you should notice that the text is now GREEN (ironically enough :P ).

#11 darkgreen

    Member

Posted 16 February 2009 - 11:24 PM

> Basically I just ENCRYPTED the AAWTray.exe file; (First make sure the tray icon is OFF.) Right click on the file. Select Properties. "Attributes" is on the bottom row - click the "Advanced" button at end of the "Attributes" line then tick the box marked "Encrypt contents to secure data". If an "Encryption warning" box pop up appears select the "Encrypt file only option". Finally if you check the appearance of the (unclicked) file you should notice that the text is now GREEN (ironically enough :P ).

Great, I'll try that. I just finished killing AAWTray again for the second time TODAY. And yes, everything is turned off.

I'm also going to report Ad-Aware AE to stopbadware.org. The irony is terrible; it's so very painful to see a piece of software I've respected for so long go over to malware practices like unauthorized and uncontrollable running!

EDIT: turns out encrypting is disabled for this particular file! I'm going to try renaming another file in its place and see if AAWTray actually overwrites files that try to stop it!

Edited by darkgreen, 16 February 2009 - 11:27 PM.


#12 GoddersUK

    Valued Member/ Ad-Aware Beta Tester

Posted 16 February 2009 - 11:50 PM

Hi, encrypting is not "disabled" for that particular file, rather it is a feature only available on the Windows XP Professional (and IIRC Vista Business/Enterprise/Ultimate) operating systems, and not on Windows XP Home Edition (or Vista Starter/Home Basic/Home Premium) operating systems.

Please ensure that you are updated for the latest version for this fix to work.

You must ensure that Scheduled Scans, Automatic Updates and ALL Ad-Watch Live! features are turned off. It is important that all of these are turned off. If you start deleting/renaming files it is likely that AAW will just dump a new one in its place that loses the settings I just asked you to configure - hence giving the appearance that the fix hasn't worked.

You must then exit it using the RIGHT CLICK MENU ON THE TRAY ICON. This should notice your settings and ensure that it doesn't start the service on boot.

If the above does not work then please go to Services and set the Lavasoft Ad-Aware Service (AAWService.exe) to manual start up (start > run > services.msc). This should resolve your problems.

Edited by GoddersUK, 16 February 2009 - 11:51 PM.
clarity

#13 darkgreen

    Member

Posted 17 February 2009 - 06:27 PM

> Hi, encrypting is not "disabled" for that particular file, rather it is a feature only available on the Windows XP Professional (and IIRC Vista Business/Enterprise/Ultimate) operating systems, and not on Windows XP Home Edition (or Vista Starter/Home Basic/Home Premium) operating systems.
>
> Please ensure that you are updated for the latest version for this fix to work.
>
> You must ensure that Scheduled Scans, Automatic Updates and ALL Ad-Watch Live! features are turned off. It is important that all of these are turned off. If you start deleting/renaming files it is likely that AAW will just dump a new one in its place that loses the settings I just asked you to configure - hence giving the appearance that the fix hasn't worked.
>
> You must then exit it using the RIGHT CLICK MENU ON THE TRAY ICON. This should notice your settings and ensure that it doesn't start the service on boot.
>
> If the above does not work then please go to Services and set the Lavasoft Ad-Aware Service (AAWService.exe) to manual start up (start > run > services.msc). This should resolve your problems.


Hi GoddersUK-

I appreciate that you are putting effort into this, but some of your assumptions are false.

I am using XP Professional - although I have discovered that all files can't be encrypted and this turns out to have a specific cause. I actually never said AAW in particular was blocking this, but I can see how you might read it this way.

"Please ensure that you are updated for the latest version for this fix to work.

You must ensure that Scheduled Scans, Automatic Updates and ALL Ad-Watch Live! features are turned off. It is important that all of these are turned off. "

I believe I have done this, obviously. I have used the update option repeatedly while making sure I'm online. All the things you mention are indeed turned off.

"You must then exit it using the RIGHT CLICK MENU ON THE TRAY ICON. This should notice your settings and ensure that it doesn't start the service on boot."

Yes, I've done that. Many times.

"If the above does not work then please go to Services and set the Lavasoft Ad-Aware Service (AAWService.exe) to manual start up (start > run > services.msc). This should resolve your problems."

Yes, I have done that too. Just yesterday morning I did all of these things and the Tray service launched twice during that day after I did these settings.

What else can you recommend?

Cheers,

-darkgreen

#14 darkgreen

    Member

Posted 17 February 2009 - 06:30 PM

Hmm... what about notifications? Ad-Watch live is completely off but I'm going to set "do not notify me" as well.

#15 darkgreen

    Member

Posted 17 February 2009 - 06:33 PM

I just made a fun discovery while messing with this. I was changing settings, which of course meant Ad-Aware launched another AAWService instance. There was no Menu Tray icon (still isn't) so I killed it from the task manager. Immediately an execution window popped up to launch another copy of AAWService and it popped up in Task Manager again. All for a process I don't want and did everything that the company says turns it off.

I'm sorry, but this thing is breaking every badware rule in the book. Uninstalling and reporting to badware.org.

Edited by darkgreen, 17 February 2009 - 06:36 PM.


#16 The Elf

    Member

Posted 17 February 2009 - 06:47 PM

I reverted back to 2008 Adaware because of this.

At first I thought I was seeing things when the tray icon kept reappearing. After a bit I wondered if I was on Candid Camera. :(

#17 GoddersUK

    Valued Member/ Ad-Aware Beta Tester

Posted 17 February 2009 - 08:07 PM

Ok people, there are two exes in question here:

AAWTray.exe which runs the tray icon and notifications (and is running even if you have "hide tray icon" checked so that it can provide notification) and AAWService.exe which is the main AdAware service. This is due to the way Windows works - my n00b understanding of this is that the background service is not allowed to interact directly with the GUI - hence why it needs a proxy (non technical meaning) (aawtray) to do this for it.

Please ensure that these are both set to manual start in services. (start > run > services.msc, not by killing in task man).

To be doubly clear to anyone reading this: There are TWO SEPARATE PROCESSES in question here - AAWTRAY.EXE and AAWSERVICE.EXE.

#18 darkgreen

    Member

Posted 17 February 2009 - 08:26 PM

> Ok people, there are two exes in question here:
>
> AAWTray.exe which runs the tray icon and notifications (and is running even if you have "hide tray icon" checked so that it can provide notification) and AAWService.exe which is the main AdAware service. This is due to the way Windows works - my n00b understanding of this is that the background service is not allowed to interact directly with the GUI - hence why it needs a proxy (non technical meaning) (aawtray) to do this for it.
>
> Please ensure that these are both set to manual start in services. (start > run > services.msc, not by killing in task man).
>
> To be doubly clear to anyone reading this: There are TWO SEPARATE PROCESSES in question here - AAWTRAY.EXE and AAWSERVICE.EXE.


Yes, and to be very double ultra clear - turning off all the software flags AND setting them to manual just slows Ad-Aware down for a few boots as it changes everything back. THIS is the main problem and the thing I object to.

#19 GoddersUK

    Valued Member/ Ad-Aware Beta Tester

Posted 19 February 2009 - 05:55 PM

Are you running any kind of registry protection programme (e.g. Spybot Tea Timer, or even AdWatch could block itself, if you clicked through prompts without reading them) that's preventing the necessary changes to allow the programme to not start on boot?

#20 darkgreen

    Member

Posted 20 February 2009 - 01:08 AM

> Are you running any kind of registry protection programme (e.g. Spybot Tea Timer, or even AdWatch could block itself, if you clicked through prompts without reading them) that's preventing the necessary changes to allow the programme to not start on boot?


Now that is an interesting direction to think in!

I don't have Spybot or any real add-ons. Running XP Pro so no UAC. McAfee Security Center does do some registry modification protection but usually I get a dialog box with a warning if it blocks something.

That's an interesting direction to research. Could McAfee really be allowing the service to install and stopping removal??
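
A read-only way to check the launch points discussed in this thread (startup entries, the service start mode, and what relaunches a killed process), given as an added example that is not part of any post above and is not Lavasoft's own tooling. It assumes a current Windows with PowerShell 5.1 or later and English `sc.exe` output rather than the XP systems in the thread; the match pattern uses the two executable names the posts give.

```powershell
# Added example, not from the thread: a read-only audit of what launches the two
# executables named in the posts. It changes nothing on the system.
$pattern = 'AAWTray|AAWService'   # executable names as given in the thread
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'

$findings = @(
    # 1. Registry Run keys, the entries that msconfig's Startup tab toggles.
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            if ($cmd -match $pattern) {
                [pscustomobject]@{ Source = $key; Name = $name; Command = $cmd
                                   Detail = 'started at logon' }
            }
        }
    }

    # 2. Services: start mode (what services.msc shows) and the recovery action.
    #    A "restart" recovery action makes the service control manager relaunch a
    #    service whose process is killed from Task Manager.
    foreach ($svc in (Get-CimInstance Win32_Service |
                      Where-Object { $_.PathName -match $pattern })) {
        $recovery = (& sc.exe qfailure $svc.Name) -join ' '
        $restart  = if ($recovery -match 'RESTART') { 'restart on failure' } else { 'no restart action' }
        [pscustomobject]@{ Source = 'Service'; Name = $svc.Name; Command = $svc.PathName
                           Detail = "StartMode=$($svc.StartMode); State=$($svc.State); $restart" }
    }

    # 3. Scheduled tasks whose action runs one of the executables.
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            if ([string]$action.Execute -match $pattern) {
                [pscustomobject]@{ Source = 'ScheduledTask'; Name = $task.TaskPath + $task.TaskName
                                   Command = $action.Execute; Detail = "State=$($task.State)" }
            }
        }
    }

    # 4. Instances running now, with the parent process that started each one.
    foreach ($proc in (Get-CimInstance Win32_Process |
                       Where-Object { $_.Name -match $pattern })) {
        $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($proc.ParentProcessId)"
        [pscustomobject]@{ Source = 'Process'; Name = $proc.Name; Command = $proc.ExecutablePath
                           Detail = "PID=$($proc.ProcessId); parent=$($parent.Name)" }
    }
)

$findings | Format-Table -AutoSize -Wrap
```

A `services.exe` parent means the service control manager started the process. The parent name is unreliable if the original parent has exited and its PID has been reused.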



